The PreprocessorDefinitions line is still not sorted, but I'll do that in a separate patch.
There is no functional change in this patch. Just moving the defines around.
Its interesting to me that now that it's sorted and I can easily compare this with other
ports and found that a whole bunch of defines which should be on for Cairo are off,
likely due to Cairo simply being overlooked. These oversights should be easy to avoid
in an autogenerated world.

I have a script which can autogenerate these xcconfig files as well as the
vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists
from a central feature list file.
In preparation for posting such a tool, I'm re-sorting these xcconfig files to be
alphabetically ordered (currently they're close, but not quite).
There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which
I will fix in a second pass. I will also sort the FEATURE_DEFINES = line in a follow-up patch.

Blur filters move pixels around, so a pixel can influence the value of
pixels at some distance away. If a pixel is not occluded, then all
pixels within the radius of the blur may influence the value of that
pixel, so they should also stay unoccluded.

For background filters, the pixels are read from the filter's target
surface, so we remove occlusion from that target surface from pixels
that will blur into visible pixels.

Writing warnings to stderr when FractionalLayoutUnits overflow on debug builds instead of asserting
and crashing. It can be very useful to WebKit developers know when overflow is occurring, but it's
not always a programming error, so assert wasn't the right action.

These tests iterate over all properties in the global scope and their respective properties.
These tests are different on all platforms because they depend on build flags.
Each feature should be covered by a more specific test than a global catch all that breaks
every time anyone touches any IDL file.

(WebCore::HTMLFormElement::prepareForSubmission):
Get the form field names and values, and use them to create a FormState
object. Pass this object when calling dispatchWillSendSubmitEvent().
(WebCore::HTMLFormElement::getTextFieldValues):
Loop over the associated elements, looking for <input> elements.
Collect their names and values.

(WebCore::Page::Page):
Initialize new call count member.
(WebCore::Page::setDefersLoading):
Check whether the callers wants balanced defer/resume loading behavior.
If the call count is not changing from 0 to 1 or 1 to 0, return early.
Otherwise, defer or resume loading for frames in this page.

page/Page.h:

(WebCore::Page::defersLoading):
Added a member to hold the call count.

page/Settings.cpp:

(WebCore::Settings::Settings):
Initialized new member m_wantsBalancedSetDefersLoadingBehavior.

Change Length and CSS length computation to floating point. This gets us
closer to the goal of supporting subpixel layout and improves precision
for SVG which already uses floating point for its layout.

This change makes computedStyle return fractional values for pixel values
if a fraction is specified. It also changes the result of computations
where two or more values with fractional precision. Prior to this change
the result of Length(2.9) + Length(2.9) would be 4 as each value would be
floored. With this change the result is 5 as the addition is done with
floating point precision and then the result will be floored. Once we
enable subpixel layout the resulting value in this example would be 5.8.

If a value is sufficiently close to the next integer round it up to
ensure that a style rule such as "width: 4.999px" evaluates to 5px
instead of 4px. This is needed as, although Lengths are using floating
point, the layout system still uses integer precision and floors the
Length values.
This will change once we move to FractionalLayoutUnits but for now this
is needed to ensure compatibility with the existing system and tests.

Without this specialized rounding logic we fail a handful of tests
including acid3.

platform/Length.h:

(WebCore::Length::value):
(Length):
(WebCore::Length::intValue):

rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::styleOrColLogicalWidth):

LayoutTests:

Reviewed by Eric Seidel.

Change Length and CSS length computation to floating point. This gets us
closer to the goal of supporting subpixel layout and improves precision
for SVG which already uses floating point for its layout.

This change makes computedStyle return fractional values for pixel values
if a fraction is specified. It also changes the result of computations
where two or more values with fractional precision. Prior to this change
the result of Length(2.9) + Length(2.9) would be 4 as each value would be
floored. with this change the result is 5 as the addition is done with
floating point precision and then the result will be floored. Once we
enable subpixel layout the resulting value in this example would be 5.8.

We're still seeing crashes in the FrameLoader where the FrameLoader's
state is "provisional" but there is no provisional document loader. I
added code to update the FrameLoader's state everytime the provisional
document loader is cleared, and added checks that the FrameLoader's
state can't be set to provisional without a provisional loader.

If the crashes go away, or the newly added checks reveal the culprit,
we should relex the checks to use ASSERT() instead of CRASH().

Opportunistic GC is punishing us severely in limited memory situations because its
assumptions about how much time a collection will take are way out of whack when the Heap
has been paged out by the OS. We should add a simple detection function to the Heap that
detects if its is paged out. It will do this by iterating each block of both the MarkedSpace
and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms),
the function returns true. This function will only be run prior to an opportunistic
collection (i.e. it will not run during our normal allocation-triggered collections).

In my tests, steady state was drastically improved in high memory pressure situations (i.e.
the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC
would be triggered due to pages doing things in the background, which would cause a
significant pause. As we close pages we now cause normal collections rather than full
collections, which prevents us from collecting all of the dead memory immediately. One
nice way to deal with this issue might be to do incremental sweeping.

heap/CopiedSpace.cpp:

(JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over
to-space, from-space, and the oversize blocks.
(JSC):
(JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out
by iterating all of the blocks.

heap/CopiedSpace.h:

(CopiedSpace):

heap/Heap.cpp:

(JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the
MarkedSpace and CopiedSpace if they are paged out.
(JSC):

heap/Heap.h:

(Heap):
(JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off
each time it determines that the Heap is paged out.

heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's
list of blocks are paged out.
(JSC):

heap/MarkedAllocator.h:

(MarkedAllocator):

heap/MarkedSpace.cpp:

(JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out.

heap/MarkedSpace.h:

(MarkedSpace):

runtime/GCActivityCallback.cpp:

(JSC::DefaultGCActivityCallback::cancel):
(JSC):

runtime/GCActivityCallback.h:

(JSC::GCActivityCallback::cancel):
(DefaultGCActivityCallback):

runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining

whether the Heap is paged out or not.
(JSC):
(JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we
should attempt a collection based on whether or not we can iterate the blocks of the Heap in
100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to
do a collection. This gives us a nice linear backoff so we're not constantly re-trying in
steady state paged-out-ness.
(JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing
exactly the same thing as willCollect, is more obvious as to what it's doing when we call it
in timerDidFire.

If a layer becomes composited because it needs to clip composited
descendants, or if it has perspective, then it doesn't actually
needs its own backing store; its contents can be painted by an
ancestor, and we can just have an empty layer that does the clipping
or applies the perspective transform.

This change adds some ASSERTs on RenderLayer that prevent any use of its lists if they
are dirtied.

On top of this change, we added an invariant that non-stacking contexts should have their
z-index lists NULL (instead of empty or NULL previously). This is enforced at
updateZOrderLists time as we now ensure that it is called in a timely manner.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateLayerBounds):
Added call to updateLayersIfNeeded as we will query them later and there is no guarantee
that they are not dirty (we recurse in our children as part of calculateLayerBounds).
This was causing the new ASSERTs to trigger on css3/filter/ tests.

(WebCore::RenderLayer::dirtyZOrderLists):
Added a comment as to why we can't ASSERT that we are in a stacking context here.

(WebCore::RenderLayer::rebuildZOrderLists):
Added an ASSERT that we only rebuild z-index lists for dirtied stacking context.

(WebCore::RenderLayer::updateLayerListsIfNeeded):
Updated to ensure that the reflection layer has its layers updated too. This was triggering
the new ASSERTs on fast/runins/run-in-layer-not-removed-crash.html.

(WebCore::RenderLayer::updateCompositingAndLayerListsIfNeeded):
Updated to use the new isDirtyStackingContext function.

rendering/RenderLayer.h:

(WebCore::RenderLayer::isDirtyStackingContext):
New helper function. Also made updateLayerListsIfNeeded() the only way
to update layer. That should prevent any misuse.

(WebCore::RenderLayer::posZOrderList):
(WebCore::RenderLayer::negZOrderList):
(WebCore::RenderLayer::normalFlowList):
ASSERT that we don't query any of the previous lists if they are dirty. Also
enforce the invariant that non-stacking contexts should have NULL z-index lists.

(WebCore::RenderLayer::clearZOrderLists):
New function to clearZOrderLists so that we can enfore the previous invariant.

(WebCore::RenderLayer::updateZOrderLists):
Updated to clear the dirty flag and the z-index lists for non-stacking context.

(WebCore::RenderLayerCompositor::updateLayerTreeGeometry):
(WebCore::RenderLayerCompositor::canBeComposited):
Disabled compositing on RenderLayer in flow thread. Because flow thread's
RenderLayer are not collected as part of RenderLayer's lists and could be composited,
this was causing the new ASSERTs to trigger (e.g. on fast/regions/webkit-flow-renderer-layer.html).

This change implements a poor man's select() that will
slow-spin doing non-blocking reads on the stdout and stderr
named pipes connecting the worker to the driver. Seems to work
and I have yet to see much overhead or ill effects but it
probably needs more testing.

The spec defines the behavior for generated keys up to 253
(the maximum integer storable as an ECMAScript number) and
the error case when going beyond that. Ensure that we can
handle values up to that point and generate errors beyond.

r115880 replaced the direct use of sys.platform with a
PlatformInfo object. Dirk Pranke later told me SystemHost objects
should be preferred, as nothing out of webkitpy.common.system
should create its own PlatformInfo instances.

Scripts/webkitpy/common/system/systemhost_mock.py:

(MockSystemHost.init): Make it possible to specify a custom
filesystem object.

Scripts/webkitpy/style/checkers/png.py:

(PNGChecker.init): Accept a host object instead of a
filesystem one, which is now obtained from host.
(PNGChecker._config_file_path): Retrieve PlatformInfo from
SystemHost.

Scripts/webkitpy/style/checkers/png_unittest.py:

(PNGCheckerTest.test_init): Adjust calls to PNGChecker to its new
constructor signature.
(PNGCheckerTest.test_check): Ditto.

This patch also fixes bugs 72834 and 47781. The main problem is that correct preferred
logical widths are affected by operator stretching. Thus we add a call to
setNeedsLayoutAndPrefWidthsRecalc() after the stretching code in
RenderMathMLOperator.cpp, and change RenderMathMLBlock and RenderMathMLRow to make sure
that stretching of children is done before an <mrow>'s preferred logical widths are
computed.

Remove stretchToHeight() from most classes as it no longer needs to be done
recursively. We just call it on the base of an embellished operator, and that
calls setNeedsLayoutAndPrefWidthsRecalc() to mark itself and its container
chain.

See ​http://trac.webkit.org/changeset/85945 for background on the line
I'm changing. With clang, GXX_EXPERIMENTLAL_CXX0X is set in c++11
mode, but MSVC's c++ library doesn't have a tr1/memory header. So also
check for GLIBCXX, like it's done in the rest of this file.

Another part of the work towards replacing direct sys.platform
usage with PlatformInfo.

Scripts/webkitpy/layout_tests/run_webkit_tests_integrationtest.py:

(MainTest.setUp): Move the setting of SHOULD_TEST_PROCESSES
here. Even though it is costlier, unittest.setUpClass was
introduced in Python 2.7.
(MainTest.test_child_processes_2): Use self.SHOULD_TEST_PROCESSES.
(MainTest.test_child_processes_min): Ditto.
(MainTest.test_exception_raised): Ditto.
(MainTest.test_keyboard_interrupt): Ditto.
(MainTest.test_crash_log): Check for PlatformInfo.is_mac().
(MainTest.test_web_process_crash_log): Ditto, and remove duplicate
check at the end.
(MainTest.test_no_http_tests): Remove check for (cygwin && Python
2.5.2), as we only support Python 2.6+.

PR: 153232
When we search the best node for block zoom, if the initial node's new
scale exceeds the maximum block zoom scale, we will try to walk through
it's ancestors and pick the acceptable one. But the reality is that the
acceptable ancestor's size can be too close to the size of the actual
contents, we will do nothing for it. As we will still select the
minimum of the new scale and the maximum block zoom scale as block zoom
scale, we can ignore such kind of node and use the initial node instead.

The memory allocation size (in bytes) is fed from LayerRendererChromium memory allocation changed callback
handler to CCLayerTreeHost. At that point we adjust the limits, using the existing notions of preferred and
max limits.

On android, the preferred limit is half the maximum (as it has always been), but on all other platforms the
preferred limit is now equal to max, in order to allow more agressive prepainting.

Finally, android has memory constraints dependant on viewportSize, but that logic has been pushed into
the GpuMemoryManager.

When writing test results for a reftest mismatch, also take into account the
difference percent that is produced when generating image diff. This value is
then used when creating test results in the form of dictionaries, stored under
the 'image_diff_percent' key. It ultimately ends up in JSON results data,
providing additional information about the reftest difference.

Scripts/webkitpy/layout_tests/controllers/manager.py:

(interpret_test_failures): Store the diff percent for reftest failure under the
'image_diff_percent' key.

Scripts/webkitpy/layout_tests/controllers/test_result_writer.py:

(write_test_result): Also set the new diff_percent attribute of the reftest
mismatch failure to the value of the difference percent ImageDiff outputs.

Scripts/webkitpy/layout_tests/models/test_failures.py:

(FailureReftestMismatch.init): Add the new diff_percent attribute with the
default value of None.

The crash was caused by indentIntoBlockquote's passing a bad outerBlock to moveParagraphsWithClone.

When the position is created after blockquote in the following DOM:
BODY

BLOCKQUOTE style=margin: 0 0 0 40px; border: none; padding: 0px;

E

#text "\nx\n"

VisiblePosition's constructor (of startOfContents) turns the position into a legacy position (blockquote, 0).
The crash occurs because this position doesn't belong in the same paragraph as E, which is the paragraph
we're trying to move into the blockquote.

Fixed bug by calling positionInParentAfterNode instead of positionAfterNode for now. We should eventually be
able to use positionAfterNode here once VisiblePosition's constructor starts handling before/after positions
properly.

fast/layers/no-clipping-overflow-hidden-added-after-transform.html
fast/layers/no-clipping-overflow-hidden-added-after-transition-expected.html
fast/layers/no-clipping-overflow-hidden-added-after-transition.html
fast/layers/no-clipping-overflow-hidden-hardware-acceleration-expected.html
fast/layers/no-clipping-overflow-hidden-hardware-acceleration.html
(and all the tests that will need to be rebaselined)

r110072 changed the way we create layers to lazily allocate overflow: hidden ones
based on layout overflow. However with hardware acceleration, certain operations
do cause overflow without actually calling layout (the test cases added as part
of this change are using transition / animation). This means that those cases
wouldn't properly clip.

Due to the above issue and the other regressions from r110072, the easiest fix is
to just to roll it out.

rendering/RenderBox.h:

Changed to allocate a layer whenever we have an overflow clip.

rendering/RenderBox.cpp:

(WebCore::RenderBox::scrolledContentOffset):
(WebCore::RenderBox::cachedSizeForOverflowClip):
Reverted those 2 to avoid using the cached size logic.

Added support for color filters in TextureMapperGL. Blur and shadow would be done in a
different patch.

Modified BitmapTexture::applyFilters to return a texture, since GL cannot paint a texture
into itself.
Created a shader map for standard filters, since all of them work more or less the same way
with a single uniform. Added the colorization shaders based on the W3C filter spec, as
already implemented in FEFilterRenderer.cpp and FEColorMatrix.cpp.
We use two swapping textures to render the filters.

When the editor state changes we have to inform the input method about changed
properties so that it can issue a new input method query. Otherwise it may use old values
from other QQuickItems or other incorrectly initialized data.

Also use isActiveFocus() instead of hasFocus() to detect whether we're actively focused.
This is also what QQuick uses internally to determine whether it can make calls to the input method
or not.

Standard extension scripts injected to the Chromium background page should have
correct script data which means that context debug id should be already set on
the context where they are compiled before the compilation. This patch moves
assignment of context debug id earlier where it is known that no scripts have
been evaluated in the context.

Rather than checking options to see whether we're running pixel tests
the pixel_tests argument passed to GtkDriver._start should be used as
it also covers cases when pixel tests should be run because of testing
reftests. This again creates different Xvfb processes with proper
display IDs for a worker that's performing both ordinary and pixel
tests, as was the case before changes made in r114788.

No need to update viewport arguments when the body element is inserted into the Document.
Viewport arguments are updated first when the Document is set on the Frame, and later
on any subsequent occurence of the viewport meta tag in the document.
It is sufficient to dispatch viewport update once per main frame, if no viewport meta tag is present.

Also add a flag to be able to track viewport argument update dispatch.

Check if script execution is still paused before trying to resolve an
object for script popover because execution may be resumed after popover
showing is scheduled but before we start resolving the object under
the cursor in which case there is no selected call frame any more and
we should hide the popover.

Progress value needs resetting, when WebProcess crashes.
This patch moves crash logic for loading to QtWebPageLoadClient. It
also simplifies the callback function names in QtWebPageLoadClient, as they
all valid only for main frames.

The objective is to pass Isolate around in V8 bindings.
This patch adds an Isolate parameter to setJSWrapperForXXX()
and passes Isolate to setJSWrapperForXXX() in CodeGeneratorV8.pm.
I'll pass Isolate to setJSWrapperForXXX() in custom bindings
in a follow-up patch.

This change reverts back to using processingUserGesture() instead
of DOMWindow::allowPopUp(). This fixes incorrect behavior in
at least the Chromium port and is consistent with the cited
definition of "allowed to show a pop-up":

An algorithm is allowed to show a pop-up if, in the task in which the algorithm is running, either:

an activation behavior is currently being processed whose click event was trusted, or

Enable ctrl-arrow moves caret by word in visual order in non-Windows platforms that use ICU word
break iterator (it is not enabled for WinCE and Qt where ICU is not used). For those platforms, ctrl-arrow
moves caret to word break position before spaces. For example, given a logical text "abc def hij", the word
break positions using ctrl-left-arrow from rightmost position are "|abc |def |hij".
The word break positions using ctrl-right-arrow from leftmost position are "abc| def| hij|".

Test: editing/selection/move-by-word-visually-mac.html

editing/EditingBehavior.h:

(EditingBehavior):
(WebCore::EditingBehavior::shouldEatSpaceToNextWord): To control different word break positions
(regards to space) for different platforms.

editing/FrameSelection.cpp:

(WebCore::FrameSelection::modifyMovingRight): Enable visual word movement for all platforms that use ICU.
(WebCore::FrameSelection::modifyMovingLeft):

editing/visible_units.cpp:

(WebCore::visualWordPosition): Determine the right word break position (regards to space) based on EditingBehavior.
(WebCore::leftWordPosition):
(WebCore::rightWordPosition):

(WebCore::PNGImageDecoder::rowAvailable): Check interlace buffer allocations
and bail via longjmp on failure. Note PNG_INTERLACE_ADAM7 is the only libpng
supported interlace type so test for it explicitly.

PNGImageDecoder supports image downsampling. Add ENABLE guards to show where
downsampling is applied when outputting decoded rows to the frame buffer. Most
ports don't enable the flag: don't penalize them in terms speed in this tight
row pixel write loop. s/y/destY/ to match setRGBA() and amend some comments.

I would remove the whole function, but doing so opens a whole can of worms
as this override is public, yet normally this function is *private* (well protected on RenderBox).
It seems plausible that frame flattening code needs this override since it doesn't always
call the min/maxPreferredWidth() calls which normally automatically call this compute*
function if the pref-widths are dirty.
Instead of trying to track that all down, I'm just removing this line, and we'll go
back and remove the whole function at a later date if possible.

This also adds support for the seamless sandbox flag from HTML 5.
The sandbox flag is not speficially overridable in the current HTML5,
but it is set (like all sandbox flags) by default when sandbox is specified.
Unfortunately this support is not yet observable in this patch, as
this patch adds not observable features of seamless.

I noticed that my previous testing did not confirm that iframes marked
for seamless (but not possible to display as seamless due to sandbox, etc.)
were still to have this seamless styling. I've added additional testing for this case.

I also added another test for the about:blank FIXME added as part of this change.

In order to support srcdoc w/ seamless, we needed to move the srcdoc determination
sooner in the initSecurityContext function (before the should-inherit early return).

The next patch will make seamless actually observable from JS/DOM, this one
just lays down all the plumbing, and separates the security aspects for
easy review.

I also added a new test for about:blank iframes (per a code-FIXME)
as well as some new testing to confirm that the default seamless-CSS style
applies even when iframes cannot render seamless due to security restrictions.

fast/frames/seamless/seamless-basic-expected.txt:

fast/frames/seamless/seamless-basic.html:

fast/frames/seamless/seamless-inherited-origin-expected.txt: Added.

fast/frames/seamless/seamless-inherited-origin.html: Added.

fast/frames/seamless/seamless-inline-expected.txt:

fast/frames/seamless/seamless-min-max-expected.txt:

fast/frames/seamless/seamless-nested-expected.txt:

fast/frames/seamless/seamless-quirks-expected.txt:

fast/frames/seamless/seamless-sandbox-flag-expected.txt:

fast/frames/seamless/seamless-sandbox-flag.html:

fast/frames/seamless/seamless-sandbox-srcdoc-expected.txt:

http/tests/security/seamless/seamless-cross-origin-expected.txt:

http/tests/security/seamless/seamless-sandbox-srcdoc-expected.txt:

svg/in-html/by-reference.html: was using seamless, but really doens't want to, doing so just adds noise.

NATIVE_FULLSCREEN_VIDEO means the fullscreen video is implemented by native
system view instead of webkit.
So it is more appropriate to use USE(NATIVE_FULLSCREEN_VIDEO).
This chagne also disabled the rendering of the fullscreen video element in webkit
when that flag is set.
Just renaming the variable, no new tests.

dom/Document.cpp:

(WebCore::Document::webkitWillEnterFullScreenForElement):
(WebCore):

platform/graphics/MediaPlayer.cpp:

(WebCore):

platform/graphics/MediaPlayer.h:

(MediaPlayer):

platform/graphics/MediaPlayerPrivate.h:

(MediaPlayerPrivateInterface):

Source/WebKit/chromium:

NATIVE_FULLSCREEN_VIDEO means the fullscreen video is implemented by native
system view instead of webkit
So it is more appropriate to use USE(NATIVE_FULLSCREEN_VIDEO).
Just rename the flag, no new tests

This chage forces us to allocate RenderLayers for overflow: hidden as it has been causing several
regressions. It leaves all of the scaffolding around to keep the change small. See bug 83954 for
the proper revert for trunk.

Remove the dependency on *Command.h files from Mac port's WebKit layer.
Also wrapped the call to TypingCommand::insertParagraphSeparatorInQuotedContent in the Editor class
so that we can just expose Editor's method instead of directly exposing the said static method.

Remove one bit from m_column (which should be fine as I wouldn't expect tables above 1 millions
columns to render at all anyway) to pack the bitfields in 32 bits. Re-arranged the bits to have the bigger
bitfield first.

Implements a naive dominator calculator, which is currently just used to
print information in graph dumps. I've enabled it by default mainly to
be able to track its performance impact. So far it appears that there is
none, which is unsurprising given that the number of basic blocks in most
procedures is small.

Also tweaked bytecode dumping to reveal more useful information about the
nature of the code block.

Added a bitvector class suitable for cheap static analysis. This class
differs from BitVector in that instead of optimizing for space, it
optimizes for execution time. Its API is also somewhat less friendly,
which is intentional; it's meant to be used in places where you know
up front how bit your bitvectors are going to be.

(WebCore::Page::startCountingRelevantRepaintedObjects):
Set m_isCountingRelevantRepaintedObjects to true after calling reset, since reset now sets it to false.

(WebCore::Page::resetRelevantPaintedObjectCounter):
Set m_isCountingRelevantRepaintedObjects to false.

(WebCore::Page::addRelevantRepaintedObject):
Use HashSet::find to avoid an extra hash lookup.

page/scrolling/ScrollingCoordinator.cpp:

(WebCore::ScrollingCoordinator::updateMainFrameScrollPositionAndScrollLayerPosition):
Remove the call to FrameView::updateCompositingLayersAfterLayout now, since FrameView::notifyScrollPositionChanged
already calls this and was making us to a lot of work twice.

A few of the dfg operations failed to correctly set the topCallFrame,
and so everything goes wrong. This patch corrects the effected operations,
and makes debug builds poison topCallFrame before calling a dfg operation.

The new preTargetedNode parameter can be used to pass in the Node that is
the target of the GestureTap event. If this parameter is used, adjustedPoint
is changed to be the center of the Node's bounding rectangle.

DOMWindowExtension::disconnectFrame assumed it would only be called when there was a frame
to disconnect. However, DOMWindow's destructor invokes disconnectFrame on all its
DOMWindowProperties, even if it already did so when it entered the page cache.

page/DOMWindowExtension.cpp:

(WebCore::DOMWindowExtension::disconnectFrame):
Don't do anything if the frame has already been disconnected.

Source/WebCore: Temporarily remove webkitSourceAddId() & webkitSourceRemoveId() from DOM
until the rest of the Media Source v0.5 methods are implemented. This is
to prevent ambiguity about whether v0.5 is fully supported or not.​https://bugs.webkit.org/show_bug.cgi?id=85295

These are all test cases which were written as part of implementing seamless
on my github branch: ​https://github.com/eseidel/webkit/compare/master...seamless
All of these will pass once the implementation is landed, which I am uploading
as a series of patches as we speak. Because the each of pieces
affects variety of tests, it seems easiest to read the implmentation
diffs if I land all the tests up-front.

Because some layers lock/unlock resources, it needs to be guaranteed
that if willDraw is called on a layer then didDraw will also be called
on that layer before another willDraw or before layer destruction. Add
asserts to make sure that this is the case.

willDraw is called via CCLayerTreeHostImpl::prepareToDraw ->
calculateRenderPasses. didDraw was previously called in
CCLayerTreeHostImpl::drawLayers. Sometimes drawLayers was being
skipped by the caller of these functions based on what prepareToDraw
returned (causing didDraw to not be called). Fix this by having an
explicit step to call didDraw on all layers. This new didDrawAllLayers
function must be called if and only if prepareToDraw is called.

This is currently broken for values-animation. The accumulation should happen after a full cycle of the values animation ran (aka. at the end of the duration).
A values animation works like this: iterate over the list of values, and calculate a 'from' and 'to' value for a given time. Example for values="0; 30; 20" dur="2s":

0.0s .. 1.0s -> from=0, to=30

1.0s .. 2.0s -> from=30, to=20

Accumulation currently is taken into account at each interval for a values-animation instead of the end of the cycle. Fix that
by passing an additional 'toAtEndOfDuration' type to calculateAnimatedValue() which is used for accumulation instead of the
current 'to' value.

(WebCore::parseNumber): A helper for parseDate().
(WebCore::LocaleWin::parseNumberOrMonth): ditto.
(WebCore::LocaleWin::parseDate):
Parse a user-provided date string by matching with a DateFormatToken list.

(WebCore::appendNumber): A helper for formatDate().
(WebCore::appendTwoDigitsNumber): ditto. Write at least two digits.
(WebCore::appendFourDigitsNumber): ditto. Write at least four digits.
(WebCore::LocaleWin::formatDate):
Format a DateComponents by iterating a DateFormatToken list.

Prepare RenderBoxModelObject for FractionalLayoutUnits by adding rounding
logic to calculateBackgroundImageGeometry. Background images, as all
images, needs to be layed out on pixel boundaries thus we need to convert
it to a integer value.

(WebCore::RenderTableCell::styleDidChange):
Switched the rowWasSet check to an ASSERT. The new logic guarantees that
row index was set straight when we insert the row. The previous logic was
opened to some race conditions as we could wait for a recalcCells call before
setting the index on the rows which made this check necessary.

(WebCore::RenderTableRow::setRowIndex):
(WebCore::RenderTableRow::rowIndex):
Added those getter / setter. Also kept m_rowIndex's smaller size
for future optimization and for symmetry with the column index on
RenderTableCell.

rendering/RenderTableSection.cpp:

(WebCore::RenderTableSection::addChild):
(WebCore::RenderTableSection::recalcCells):
Made sure that whenever we insert or update our row index
we do call setRowIndex().

(WebCore::RenderTableSection::addCell):
This logic now doesn't need to query insertionRow as the cell's
should have the index of the row in which it is inserted.

Each platform will have a different set of input types that support the datalist UI.
This patch makes shouldRespectListAttribute ask the RenderTheme if it supports datalist UI for that input type.
Thus making it possible to do feature detection with JS.

Reviewed by Kent Tamura.

WebCore.gypi: Added RenderThemeChromiumCommon.{cpp,h}

html/ColorInputType.cpp:

(WebCore::ColorInputType::shouldRespectListAttribute):
(WebCore):

html/ColorInputType.h:

(ColorInputType):

html/InputType.cpp:

(WebCore::InputType::themeSupportsDataListUI): Static method used by TextFieldInputType, RangeInputType, and ColorInputType.
(WebCore):

html/InputType.h:

(InputType):

html/RangeInputType.cpp:

(WebCore::RangeInputType::shouldRespectListAttribute):

html/TextFieldInputType.cpp:

(WebCore::TextFieldInputType::shouldRespectListAttribute):

rendering/RenderTheme.h:

(RenderTheme):
(WebCore::RenderTheme::supportsDataListUI): Returns true if the platform can show the datalist suggestions for a given input type.

Reverting RenderObject::maximalOutlineSize to int. This is a slop value for repaint
rects that doesn't affect layout. It also derives its value from RenderView's function
of the same name, which is already an integer.

When zooming, we need to be careful about how to convert the visible rect from float to int.
Using toAlignedRect can produce inconsistent width and height when we are scrolling.
This patch carefully modifies each piece of the visible rect, to avoid such rounding errors.
In addition, the TransformationMatrix we use for painting, needs to be adjusted for the same rounding error.

We have a checked type that allows us to automate many of the
bounds checks we want here, so let's replace the floating point
math, and just use Checked<> throughout. We use a non-recording
Checked<> as no overflows should reach this point, so we'll take
a hard early failure, over the cost of many branches when
accessing the raw values in loops.

Adding an absoluteValue free inline function that operates on LayoutUnits, which
allows us to have one function signature for ints or FractionalLayoutUnits. We
can't simply add a FractionalLayoutUnit flavor of abs because it confuses
some compilers due to the implicit FractionalLayoutUnit constructors that take
ints and floats.

Updating LayoutUnit usage in a pair of remaining functions to minimize the remaining work to switching
to FractionalLayoutUnits for layout instead of integers.

No new tests. No change in behavior.

rendering/InlineFlowBox.cpp:

(WebCore::InlineFlowBox::placeBoxesInBlockDirection): Though stored as a float, the top is always
set to an integer value. When we move to sub-pixel, we need to preserve this. Not preserving this
behavior affects text decorations, most notably underlines.

rendering/RenderWidget.cpp:

(WebCore::RenderWidget::updateWidgetGeometry): Adding pixel snapping for the content box if it's
not transformed (absoluteContentBox includes pixel snapping), and properly treating the boundingBox
as an IntRect.

Bailing from the space distribution loop in layoutHorizontal/VerticalBox when
the remaining space falls below one pixel. This has no effect in whole-pixel
layout, but avoids unnecessary work/infinite loops in the sub-pixel case.

The crash was caused by a malformed range obtained within an event handler of mutation events
(DOMNodeRemovedFromDocument). Because this range wasn't updated per node removal, range functions
end up not behaving well.

Fixed the bug by changing the order of the notifications in ContainerNode::willRemoveChild.
We now fire mutation events first before updating ranges so that any range created inside those
event handlers can also be updated prior to the actual node removal.

Test: fast/dom/Range/range-created-in-mutation-event-crash.xhtml

dom/ContainerNode.cpp:

(WebCore::willRemoveChild):

LayoutTests:

Add a regression test. We use alert here instead of innerHTML, textContent, etc...
because document element is no longer well-formed at the end of the test.

The call to updateMainFrameScrollPosition was added to make the WebKit2 find overlay work, since it relies
on scroll position updates being synchronous. Change the find code in WebKit2 to handle asynchronous scroll
position updates and remove the call to updateMainFrameScrollPosition.

page/scrolling/ScrollingCoordinator.cpp:

(WebCore::ScrollingCoordinator::requestScrollPositionUpdate):

Source/WebKit2:

The find machinery should cope with asynchronous scroll position updates.

WebProcess/WebPage/FindController.cpp:

(WebKit::FindController::updateFindUIAfterPageScroll):
Split the code that handles updating the find indicator and find overlay out into a separate function.

(WebKit::FindController::findString):
Call updateFindUIAfterPageScroll once we know that the scroll position has been updated.

Add DrawingArea::dispatchAfterEnsuringUpdatedScrollPosition, which will call the given function object after
making sure that the scroll position has been updated correctly. This is important for TiledCoreAnimationDrawingArea,
which updates the scrolling position asynchronously.

WebProcess/WebPage/DrawingArea.cpp:

(WebKit::DrawingArea::dispatchAfterEnsuringUpdatedScrollPosition):
Since scroll position updates are synchronous by default, just call function directly.

WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::dispatchAfterEnsuringUpdatedScrollPosition):
Commit the layer tree state and then use ScrollingThread::dispatchBarrier to make sure that the function is called when any
scroll position changes have been made. If possible, freeze the layer tree to make sure that the update is atomic.

Update platform code to use the pixel snapped values for painting rects
to line up with device pixels and change platform specific hit testing
code to use roundedPoint as hit testing is still mostly done on integer
bounds.

When invoking StringImpl::startsWidth() or StringImpl::endsWith() with
a string literal, a new String was constructed implicitly, allocating
a new StringImpl and copying the characters for the operation.

This patch adds a version of those methods for single characters and
string literals.
This allows us to avoid allocating memory and use the characters in place,
and it permits some extra shortcuts in the implementation.

(WebCore::AutoTableLayout::calcEffectiveLogicalWidth):
As we are spreading the cell's min / max logical width, we should be updating them.
This prevents the following logic getting confused and allocating more than needed.

Add a ScrollingThread::dispatchBarrier function which takes a WTF::Function and dispatches it to the main thread
once all the currently scheduled scrolling thread functions have run. This is to be used for synchronization between the
scrolling thread and the main thread.

On android, the fullscreen video was implemented by passing a java
surfaceView to an android mediaplayer class.
The implementation of that logic should happen in WebKit::WebMediaPlayer.
This change makes it possble for WebViewImpl::enterFullScreenForElement()
to call WebMediaPlayer->enterFullscreen(), thus solving the issue.

Sorry, there is a merge error during the previous commit, resolved now

No new tests. This just exposes the flag so later it can be used by android.

When radix, we use to turn the doubleValue into a JSValue just to convert
it to a String. The problem is that was using the slow path for conversion and
for the toString() operation.

This patch shortcuts the creation of a JSValue and uses NumericStrings directly.
The conversion is split between Integer and Double to ensure the fastest conversion
for the common case of integer arguments.

Converting number with radix 10 becomes 5% faster.

Due to the simpler conversion of number to string for integer, converting
integers that do not fall in the two previous optimizations get 32% faster.

Add a new flag for controlling the fixed point denominator in
FractionalLayoutUnit. Controls whether the denominator is set to 60 or 1.
Until we change the LayoutUnit typedef this change will have no effect.

No new tests, no change in functionality.

platform/FractionalLayoutUnit.h:

(WebCore):
(WebCore::FractionalLayoutUnit::operator++):
(WebCore::operator/):
(WebCore::operator+):
Add ++, / double and and + double operators. These are needed when
ENABLE_SUBPIXEL_LAYOUT is not enabled.

platform/graphics/FractionalLayoutRect.cpp:

(WebCore::enclosingFractionalLayoutRect):

Source/WTF:

Reviewed by Eric Seidel.

Add a new flag for controlling the fixed point denominator in
FractionalLayoutUnit. Controls whether the denominator is set to 60 or 1.
Until we change the LayoutUnit typedef this change will have no effect.

As commented in ​https://bugs.webkit.org/show_bug.cgi?id=79963#c16 we do not
usually subclass basic types like Vector. This patch changes code to use
Vector<Attribute> directly and move around the functionality of the former
methods to more specific helper functions or inline code at the callers.

(WebCore::HTMLTreeBuilder::processFakeStartTag):
(WebCore::HTMLTreeBuilder::attributesForIsindexInput): Loop through the attributes
backwards so we can remove items without affecting the rest of the loop run.

StyleImage::computeIntrinsicDimensions() is only called from one
place: RenderBoxModelObject::calculateIntrinsicDimensions(), and that
is only used for background images and border images. In my original
image-set work, I decided that
StyleCachedImageSet::computeIntrinsicDimensions() would compute
"intrinsic" dimensions, meaning that they would compute the dimensions
that the image resource was pretending to be rather than the actual
dimensions of the resource. I chose to do this because it made
background images work great without changing the call-site. But border
images need to know the actual intrinsic dimensions, so this design
decision (which was admittedly questionable from the start) won't
stick.

This patch makes StyleImage::computeIntrinsicDimensions() return
actual intrinsic dimensions. Then the border-image and background-
image code is very lightly patched to account for the image's scale
factor.

These functions no longer need the scale factor parameter.

loader/cache/CachedImage.cpp:

(WebCore::CachedImage::computeIntrinsicDimensions):

loader/cache/CachedImage.h:

(CachedImage):

platform/graphics/GeneratedImage.h:

(GeneratedImage):

platform/graphics/GeneratorGeneratedImage.cpp:

(WebCore::GeneratedImage::computeIntrinsicDimensions):

platform/graphics/Image.cpp:

(WebCore::Image::computeIntrinsicDimensions):

platform/graphics/Image.h:

(Image):

platform/graphics/cg/PDFDocumentImage.cpp:

(WebCore::PDFDocumentImage::computeIntrinsicDimensions):

platform/graphics/cg/PDFDocumentImage.h:

(PDFDocumentImage):

svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::computeIntrinsicDimensions):

svg/graphics/SVGImage.h:

(SVGImage):

rendering/style/StyleCachedImageSet.cpp:

(WebCore::StyleCachedImageSet::computeIntrinsicDimensions):

New function on StyleImage returns the image's scale factor.

rendering/style/StyleCachedImageSet.h:

(WebCore::StyleCachedImageSet::imageScaleFactor):

rendering/style/StyleImage.h:

(WebCore::StyleImage::imageScaleFactor):

Scale the intrinsic size of the background image down by the scale
factor.

rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::calculateFillTileSize):

Slices should be multiplied by the image's scale factor since they are
always expected to the specified in the 1x image's coordinate space.
(WebCore::RenderBoxModelObject::paintNinePieceImage):

There was a reference cycle between CSSImageSetValue and StyleCachedImageSet via
CSSImageSetValue::m_imageSet / StyleCachedImageSet::m_imageSetValue. Break the cycle
by having StyleCachedImageSet hold a weak reference to the CSSImageSetValue rather
than a strong reference.

Instead of automatically using an intermediate surface for layers with opacity and
children, we limit surface usage for layers with more than one child and for layers with
one child and contents of its own.

This prevents us from using intermediate surfaces in cases where a single layer with
opacity has a single descendant with content, in which case normal blending can be used.

When pasting a copied portion of a blockquote with a newline at the end into an unquoted area,
the newline is inserted after the blockquote since we don't want it also to be quoted. However,
this behavior has also applied when we insert a paragraph between quoted lines, which is incorrect.
To figure out the right place to insert a paragraph, we need providing more information to the
InsertParagraphSeparatorCommand by introducing a boolean parameter "pasteBlockqutoeIntoUnquotedArea".

Add a new public class to the API, WebKitFileChooserRequest, to be
emitted along with a new WebKitWebView::run-file-chooser signal to
let client applications to provide their own file chooser dialog
when the use interacts with HTML Input elements of type 'file'.

Provide private API to make a file chooser request from the
WebView, and provide a default handler for it.

UIProcess/API/gtk/WebKitWebView.cpp:

(fileChooserDialogResponseCallback): Handler for the 'response'
signal for the GtkFileChooserDialog used in the default
handler. It will call to webkit_file_chooser_request_select_files
or webkit_file_chooser_request_cancel as needed.
(webkitWebViewRunFileChooser): Default handler for the new
'run-file-chooser' signal. It will create a GtkFileChooserDialog,
connect to the 'response' signal and show it.
(webkit_web_view_class_init): Connect the 'run-file-chooser'
signal to the default handler, webkitWebViewRunFileChooser.
(webkitWebViewRunFileChooserRequest):

UIProcess/API/gtk/WebKitWebView.h:

(_WebKitWebViewClass): Added prototype for the handler of the new
'run-file-chooser' signal.

UIProcess/API/gtk/WebKitWebViewPrivate.h: Added prototype for

private new function webkitWebViewRunFileChooserRequest.

Provide an implementation for runOpenPanel in WebKitUIClient.

UIProcess/API/gtk/WebKitUIClient.cpp:

(runOpenPanel): New, implements runOpenPanel by creating an
instance of WebKitFileChooserRequest and asking the WebView to
emit the 'run-file-chooser' signal with it.
(attachUIClientToView): Reference the new runOpenPanel function.

Added the new publich header to the main header.

UIProcess/API/gtk/webkit2.h: Added WebKitFileChooserRequest.h.

New unit tests for the new WebKitFileChooserRequest API. Also,
extended the WebViewTest class to allow simulating mouse clicks.

UIProcess/API/gtk/tests/TestWebKitWebView.cpp:

(checkMimeTypeForFilter): New, checks whether a GtkFileFilter
filters a given MIME type, as specified by RFC 2046.
(testWebViewFileChooserRequest): New unit test.
(beforeAll): Add the new unit test as an UIClientTest.

UIProcess/API/gtk/tests/WebViewTest.cpp:

(WebViewTest::clickMouseButton): New public function to simulate a
mouse click through GdkEvents, as the combination of a 'press' and
a 'release' event. Used from the new unit test to simulate the
user pressing in the button rendered for a HTML Input element.
(WebViewTest::executeMouseButtonEvent): New private function to
simulate a mouse event through GdkEvents.

It is good practice not to leave member variables uninitialized. They make debugging more difficult by reducing
repeatability, and in some cases lead to the possibility of information leakage occuring. This patch simply adds
initialization of m_numParsedPropertiesBeforeMarginBox to CSSParser's constructor to INVALID_NUM_PARSED_PROPERTIES
so that the initial state is the same as the state after the properties are cleared.

No tests added because this is a code style fix, not an actual bug so long as the bison generated code calls
startDeclarationsForMarginBox() and endDeclarationsForMarginBox() symmetrically. The lack of initialization was
originally detected by coverity.

We should use combined() instead of combinedForChildren() since we don't allow
intermediate surfaces for preserves-3d. Also, we should apply the offset before
multiplying the transforms, otherwise the transform-origin is incorrect.

This is not correct. The parsing can be done more than once,
and thus we cannot clear data. This patch removes the above code.

Consider the following situation:

(1) Assume '<body onresize="f()"></body>'.
(2) prepareListenerObject() runs.
(3) Since this is the first parsing, hasExistingListenerObject()
returns false. After the parsing, the listener object is set
by setListenerObject().
(4) GC runs. Since there is no strong reference to the listener
object, weakEventListenerCallback() is called back, and the listener
object is disposed.
(5) A resize event is triggered.
(6) prepareListenerObject() is called again. Since the listener object
is already disposed, hasExistingListenerObject() returns false,
and the second parsing starts.

In my investigation, the above situation is happening in the reported
Chromium bug. Anyway, I am sure that potentially the parsing can be
done more than once, and thus we must keep m_xxxx data.

No tests: I tried hard to create a DRT test, but could not.
The bug depends on the behavior of GC, and thus the reported bug is
non-deterministic. For example, (as explained in the Chromium issue,)
the bug does not happen if we load an HTML from network because
the network latency hides the bug. Also the bug happens in the
popup window only. If we open the reported HTML in the main window,
we cannot reproduce the bug.

(JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do
the right thing", this code is much simpler. We still have one special
case to notify the garbage collector if we're removing the last
reference to the global object, since this can improve memory behavior.

I removed the feature of ensuring orderly tear-down when calling quit()
or running in --help mode because it didn't seem very useful and
making it work with Windows structured exception handling and
NO_RETURN didn't seem like a fun way to spend a Saturday.

runtime/JSGlobalData.h:

runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data
member in JSGlobalData to ensure that it's destructed last, so other
objects that reference it destruct without crashing. This allowed me
to remove clearBuiltinStructures() altogether, and helped guarantee
rule (3).

(JSC::JSGlobalData::~JSGlobalData): Explicitly call
lastChanceToFinalize() at the head of our destructor to ensure that
all pending finalizers run while the virtual machine is still in a
valid state. Trying to resurrect (re-ref) the virtual machine at this
point is not valid, but all other operations are.

Changed a null to a 0xbbadbeef to clarify just how bad this beef is.

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

runtime/JSGlobalObject.h:

(JSGlobalObject):
(JSC::JSGlobalObject::globalData): See rule (3).

Source/WebCore:

bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::~WorkerScriptController): Slightly
simpler than before. We can't just rely on our default destructor
because we need to hold the JSLock when we tear down the VM.

bridge/NP_jsobject.cpp:

(_NPN_InvokeDefault):
(_NPN_Invoke):
(_NPN_Evaluate):
(_NPN_Construct): Don't RefPtr<> the JSGlobalData because it makes it
seem like you know something the rest of our code doesn't know. The
plugin JSGlobalData is immortal, anyway.

I also removed some timeout checker related code because that feature
doesn't work anymore, so it was effectively dead code.

We can save a file with help of InspectorFrontendHost.save method,
but it is suitable only for relatively small portions of data and
can't process the 6Gb heap snapshot.
These methods just pass the url and content into embedder.

The bug originated from clearing an intermediate surface with glClear while the scissor
state was wrong.
When using intermediate surfaces, maintain a clip-stack for each surface, rather than
a single clip-stack for the whole scene. When a surface is bound, its clip stack should
be applied.

Change Length and CSS length computation to floating point. This gets us
closer to the goal of supporting subpixel layout and improves precision
for SVG which already uses floating point for its layout.

This change makes computedStyle return fractional values for pixel values
if a fraction is specified. It also changes the result of computations
where two or more values with fractional precision. Prior to this change
the result of Length(2.9) + Length(2.9) would be 4 as each value would be
floored. With this change the result is 5 as the addition is done with
floating point precision and then the result will be floored. Once we
enable subpixel layout the resulting value in this example would be 5.8.

If a value is sufficiently close to the next integer round it up to
ensure that a style rule such as "width: 4.999px" evaluates to 5px
instead of 4px. This is needed as, although Lengths are using floating
point, the layout system still uses integer precision and floors the
Length values.
This will change once we move to FractionalLayoutUnits but for now this
is needed to ensure compatibility with the existing system and tests.

Without this specialized rounding logic we fail a handful of tests
including acid3.

platform/Length.h:

(WebCore::Length::value):
(Length):
(WebCore::Length::intValue):

rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::styleOrColLogicalWidth):

LayoutTests:

Reviewed by Eric Seidel.

Change Length and CSS length computation to floating point. This gets us
closer to the goal of supporting subpixel layout and improves precision
for SVG which already uses floating point for its layout.

This change makes computedStyle return fractional values for pixel values
if a fraction is specified. It also changes the result of computations
where two or more values with fractional precision. Prior to this change
the result of Length(2.9) + Length(2.9) would be 4 as each value would be
floored. with this change the result is 5 as the addition is done with
floating point precision and then the result will be floored. Once we
enable subpixel layout the resulting value in this example would be 5.8.

Only dump as text if currently dumping render tree. This ensures that
calling dumpAsText in a test with dumpChildFramesAsText already being
called doesn't override the first decision, possibly making tests fail.

Switch AnimatedColorAnimator to use the standard animateAdditiveNumber() method, taking progress & repeatCount into account.
This gives us accumulation/repeatCount support for free.

We just animate the four color components on their own now and clamp once at the end after addition/accumulation finished.
Import <animateColor> tests from Dr. Olaf Hoffmanns SVG Animation test suite, which all pass now.

While I was at it, remove the includeSMILProperties boolean from computeCSSPropertyValue - we always use the computed style
without SMIL effects included, whenever we want to retrieve the "base value", or handle "inherit/currentColor".

(SVGPathByteStream): Make SVGPathByteStreams copyable, needed for SVGAnimatedPathAnimator.
(WebCore::SVGPathByteStream::size): Returns size of the SVGPathByteStream.

svg/SVGPathParserFactory.cpp:

(WebCore::SVGPathParserFactory::buildAnimatedSVGPathByteStream): Allow empty from streams, needed for by animations.
(WebCore::SVGPathParserFactory::addToSVGPathByteStream): Add 'byStream' 'repeatCount' times to 'toStream'. Both streams must match in size.

svg/SVGPathParserFactory.h: Add new addToSVGPathByteStream function.

svg/SVGPointList.cpp: Remove dead code.

svg/SVGPointList.h: Ditto.

(SVGPointList):

LayoutTests:

svg/animations/path-animation.svg: Added.

svg/animations/path-animation-expected.svg: Added.

svg/animations/repeating-path-animation-expected.svg: Added.

svg/animations/repeating-path-animation.svg: Added.

svg/animations/script-tests/svgpath-animation-1.js: Correct testcase, now that by animations are supported.